Telematics Security

Telematics Control Units (TCUs) provide cellular connectivity for remote services, over-the-air updates, and fleet management, which also makes them a potential remote attack vector.

Telematics Attack Surface

telematics-arch.txt
text
Telematics Unit Components:
├── Cellular Modem (2G/3G/4G/5G)
│   └── Remote attack surface
├── GPS Receiver
│   └── Spoofing target
├── Vehicle Interface (CAN)
│   └── Pivot to vehicle systems
└── Backend Services
    └── API vulnerabilities

Common services exposed:
- Remote start/stop
- Door lock/unlock
- Vehicle tracking
- Diagnostics
- Over-the-air updates

Testing Telematics APIs

telematics-api.sh
bash
# Capture API traffic from mobile app
# Use Burp Suite with certificate pinning bypass

# Common API vulnerabilities:
# - IDOR (access other vehicles by ID)
# - Broken authentication
# - Missing authorization
# - Information disclosure

# Example: Direct object reference (HTTP requests as seen in the proxy, not shell commands)
# GET /api/v1/vehicles/12345/location
# Change to another vehicle ID
# GET /api/v1/vehicles/12346/location

# SMS command injection
# Some TCUs accept SMS commands
# Test for command injection in SMS handlers

# Cellular network attacks
# Fake base station attacks
# IMSI catchers for TCU identification
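
The IDOR and missing-authorization items above come down to one server-side check: does the requested vehicle belong to the authenticated account? The Python below is an added example, not code from the original page or from any vendor's backend; the handler names, the `OWNERS` and `LOCATIONS` tables and the accounts are constructed for illustration, and only the vehicle IDs 12345 and 12346 come from the requests above.

```python
# Added example. OWNERS, LOCATIONS and all function names are hypothetical.
from dataclasses import dataclass

# Constructed sample data: vehicle ID -> owning account, and last known position.
OWNERS = {"12345": "alice", "12346": "bob"}
LOCATIONS = {"12345": (48.137, 11.575), "12346": (52.520, 13.405)}


@dataclass
class Response:
    status: int
    body: dict


def get_location_vulnerable(session_user, vehicle_id):
    """IDOR: any authenticated caller can read any vehicle by changing the ID."""
    if session_user is None:
        return Response(401, {"error": "unauthenticated"})
    if vehicle_id not in LOCATIONS:
        return Response(404, {"error": "not found"})
    lat, lon = LOCATIONS[vehicle_id]
    return Response(200, {"lat": lat, "lon": lon})


def get_location_hardened(session_user, vehicle_id, audit_log):
    """Checks on every request that the vehicle belongs to the caller's account."""
    if session_user is None:
        return Response(401, {"error": "unauthenticated"})
    if OWNERS.get(vehicle_id) != session_user:
        # Same 404 for "does not exist" and "not yours", so responses do not
        # reveal which vehicle IDs are valid; record the denial for detection.
        audit_log.append({"user": session_user, "vehicle": vehicle_id, "event": "denied"})
        return Response(404, {"error": "not found"})
    lat, lon = LOCATIONS[vehicle_id]
    return Response(200, {"lat": lat, "lon": lon})


def denied_vehicle_count(audit_log, user):
    """Distinct vehicle IDs a user was refused: a simple enumeration signal."""
    return len({e["vehicle"] for e in audit_log
                if e["user"] == user and e["event"] == "denied"})


if __name__ == "__main__":
    log = []
    print(get_location_vulnerable("alice", "12346"))     # returns bob's position
    print(get_location_hardened("alice", "12346", log))  # refused and logged
    print(get_location_hardened("alice", "12345", log))  # alice's own vehicle
    print(denied_vehicle_count(log, "alice"))
```

A rising `denied_vehicle_count` for one account is the server-side trace of the ID-swapping test shown above and is worth alerting on.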